OpenSAML user discussion

[Brent Putman <>]

 wrote:
> When I use SignatureValidator to Valid an Assertion,I occured the 
> following error: 
> ERROR: 
> 126221 [http-80-1] INFO org.apache.xml.security.signature.Reference - 
> Verification successful for URI "#123456" 
> org.opensaml.xml.validation.ValidationException: Signature did not 
> validate against the credential's key 
>         at 
> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.j­ava:
>  
> 78) 
>
>   


The Reference digest evaluation is fine.  It's failing the evaluation of
the actual SignatureValue of the SignedInfo.  One of the most common
signature validation failure causes is that the XML has been modified
after it was signed by pretty printing or incorrect serialization or
deserialization.  Since the Reference here is succeeding, that actually
indicates that that may not be the case here.  But I would double-check
both ends as to how the XML is being processed.

It actually sounds like maybe you are just not validating with the right
cert/key.  I would sanity check that that key you are reading in the
from the filesystem is actually the public half of the signing key
pair.  Also try comparing it to the cert in the Signature's KeyInfo,
since presumably that is the correct one.

> Code is : 
>
>   


Your code itself looks fine.